Commit 2fd9e170 authored by Yann Ylavic's avatar Yann Ylavic
Browse files

Merge r1572092 from trunk:

mod_deflate: fix decompression of files larger than 4GB. According to RFC1952,
Input SIZE (compLen) contains the size of the original input data modulo 2^32.

PR: 56062
Submitted by: Lukas Bezdicka
Reviewed by: ylavic, breser, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611806 13f79535-47bb-0310-9956-ffa450edef68
parent 409529b5
Loading
Loading
Loading
Loading
+3 −0
Original line number Diff line number Diff line
@@ -21,6 +21,9 @@ Changes with Apache 2.2.28
     Fix a race condition in scoreboard handling, which could lead to
     a heap buffer overflow.  [Joe Orton, Eric Covener, Jeff Trawick]

  *) mod_deflate: Fix inflation of files larger than 4GB. PR 56062.
     [Lukas Bezdicka <social v3.sk>]

  *) mod_dav: Fix improper encoding in PROPFIND responses.  PR 56480.
     [Ben Reser]

+0 −10
Original line number Diff line number Diff line
@@ -99,16 +99,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
  [ start all new proposals below, under PATCHES PROPOSED. ]

   * mod_deflate: Fix decompression of files larger than 4GB. According to RFC1952,
                  Input SIZE contains the size of the original input data modulo 2^32.
                  PR 56062.
     trunk patch: http://svn.apache.org/r1572092
                  http://svn.apache.org/r1603156 (partially, CHANGES update)
     2.4.x patch: http://svn.apache.org/r1604460 (2.4.10)
     2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-mod_deflate_4GB.patch
                  (modulo CHANGES)
     +1: ylavic, breser, wrowe

   * mod_proxy: Don't reuse a SSL backend connection whose SNI differs. PR 55782.
                This may happen when ProxyPreserveHost is on and the proxy-worker
                handles connections to different Hosts.
+4 −2
Original line number Diff line number Diff line
@@ -1062,7 +1062,8 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,
                    }
                    ctx->stream.next_in += 4;
                    compLen = getLong(ctx->stream.next_in);
                    if (ctx->stream.total_out != compLen) {
                    /* gzip stores original size only as 4 byte value */
                    if ((ctx->stream.total_out & 0xFFFFFFFF) != compLen) {
                        inflateEnd(&ctx->stream);
                        return APR_EGENERAL;
                    }
@@ -1253,7 +1254,8 @@ static apr_status_t inflate_out_filter(ap_filter_t *f,
                }
                ctx->validation_buffer += VALIDATION_SIZE / 2;
                compLen = getLong(ctx->validation_buffer);
                if (ctx->stream.total_out != compLen) {
                /* gzip stores original size only as 4 byte value */
                if ((ctx->stream.total_out & 0xFFFFFFFF) != compLen) {
                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                                  "Zlib: Length of inflated stream invalid");
                    return APR_EGENERAL;